If you're a programmer intimately familiar with the Macintosh's new OS/X
operating system, here is an opportunity for you to contribute some
essential code to Mozilla's crypto libraries, NSS.

NSS's Pseudo Random Number Generator (PRNG) needs to be well seeded with
truly random data ("entropy") from the system on which it runs. To that end,
NSS and NSPR have code that obtains random data, often just a few bits at a
time, from platform-dependent sources.

The source code that performs this task for the Macintosh does not build for
OS/X. Reportedly, many of the data sources (e.g., system functions) that
NSS uses for entropy on older Mac OSes are not available with OS/X. It is
necessary to remove about half the function calls just to get the code to
compile on OS/X. This results in a significant, though not yet measured,
loss of entropy.

So, NSS needs some additional new source code for a Macintosh running OS/X
that will provide a comparable or greater amount of entropy than is presently
obtained on the older Mac OSes.

PSM2 will not run on OS/X until this work is done, so there is some urgency.

The source code that presently gathers entropy for the Mac may be found in
http://lxr.mozilla.org/mozilla/source/security/nss/lib/util/mac_rand.c and
http://lxr.mozilla.org/mozilla/source/nsprpub/pr/src/md/mac/macrng.c

The essential functions are RNG_SystemInfoForRNG and RNG_GetNoise.

The function RNG_SystemInfoForRNG should stir a minimum of 128 bits of
entropy into the PRNG. Note that not all bits passed to RNG_RandomUpdate
contain entropy (in fact, most don't).

Note that data from other PRNGs such as libc's rand() or random() functions
is not suitable for this purpose. Least significant bits of high-speed
clocks or counters sampled at aperiodic intervals (e.g. when the mouse moves or
the disk completes an I/O or a packet arrives) are usually good sources.

Ideally, to accomplish this task, one would first measure the average amount
of entropy currently collected on the older Mac OSes. One would also measure
the amount of entropy collected on OS/X after applying the patch attached to
http://bugzilla.mozilla.org/long_list.cgi?buglist=75049 to see just how much
entropy is lost (or gained) on average as a result of that patch. Then,
any new sources of entropy available in OS/X would be added in, and the
final resultant average amount of entropy would be measured. However, if
plenty of new entropy is available, all that measurement is less important.

Interested volunteers: Please follow up to this message in these newsgroups,
or email me for more information.
--
Nelson Bolyard Sun / Netscape Alliance
Disclaimer: I speak for myself, not for Netscape
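
Added example, not part of the original post and not NSS code: one way to put a number on "not all bits contain entropy" is a most-common-value min-entropy estimate over the low byte of each clock sample, then the sample count needed before 128 bits can be credited. All function names are hypothetical and the sample data is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#define TARGET_BITS 128.0 /* minimum the post asks RNG_SystemInfoForRNG to stir in */

/* log2(x) for x > 0 without libm: normalise to [1,2), then square repeatedly. */
static double log2_nolibm(double x) {
    double result = 0.0, bit = 0.5;
    while (x >= 2.0) { x /= 2.0; result += 1.0; }
    while (x < 1.0)  { x *= 2.0; result -= 1.0; }
    for (int i = 0; i < 40; i++, bit /= 2.0) {
        x *= x;
        if (x >= 2.0) { x /= 2.0; result += bit; }
    }
    return result;
}

/* Most-common-value estimate, -log2(p_max) bits per sample. It ignores
 * correlation between samples, so treat the result as an upper bound. */
double min_entropy_per_sample(const unsigned char *low, size_t n) {
    size_t counts[256] = {0}, max = 0, i;
    if (n == 0) return 0.0;
    for (i = 0; i < n; i++)
        if (++counts[low[i]] > max) max = counts[low[i]];
    return log2_nolibm((double)n / (double)max);
}

/* Samples to collect before crediting TARGET_BITS; 0 = source never gets there. */
size_t samples_for_target(double bits_per_sample) {
    if (bits_per_sample <= 0.0) return 0;
    size_t k = (size_t)(TARGET_BITS / bits_per_sample);
    return ((double)k * bits_per_sample < TARGET_BITS) ? k + 1 : k;
}

/* Constructed low bytes of a clock: kind 0 = read on a fixed period (never
 * changes), 1 = every other read collides, 2 = spread over all 256 values. */
size_t demo_samples_needed(int kind) {
    unsigned char low[256];
    size_t i;
    for (i = 0; i < sizeof low; i++)
        low[i] = kind == 0 ? 0x40 : kind == 2 ? (unsigned char)(i * 37 + 11)
               : (i % 2) ? (unsigned char)i : 0;
    return samples_for_target(min_entropy_per_sample(low, sizeof low));
}

int main(void) {
    for (int kind = 0; kind < 3; kind++)
        printf("kind %d: %lu samples\n", kind, (unsigned long)demo_samples_needed(kind));
    return 0;
}
```

A result of 0 for the fixed-period case means that source should be credited with no entropy however many bytes it feeds in.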